3 Flashcards
Amanda wants to securely destroy data held on DVDs. Which of the following options is not a suitable solution for this?
Burning
Pulverizing
Shredding
Degaussing
Degaussing
Danielle wants to capture traffic from a network so that she can analyze a VoIP conversation. Which of the following tools will allow her to review the conversation most effectively?
tcpdump
A network SIPper
netcat
Wireshark
Wireshark
Selah is following the Cyber Kill Chain model and has completed the delivery phase. What step is next according to the Kill Chain?
Weaponization
Installation
Actions on Objective
Exploitation
Exploitation
Gene recently conducted an assessment and determined that his organization can be without its main transaction database for a maximum of two hours before unacceptable damage occurs to the business. What metric has Gene identified?
RPO
MTTR
RTO
MTBF
RTO
Henry wants to check to see if services were installed by an attacker. What commonly gathered organizational data can he use to see if a new service appeared on systems?
Vulnerability scans
Flow logs
Registry dumps from systems throughout his organization
Firewall logs
Vulnerability scans
Elaine wants to securely erase the contents of a tape used for backups in her organization’s tape library. What is the fastest secure erase method available to her that will allow the tape to be reused?
Wipe the tape by writing a random pattern of 1s and 0s to it.
Wipe the tape by writing all 1s or all 0s to it.
Use a degausser.
Incinerate the tape.
Use a degausser.
Isabelle needs to select the EAP protocol that she will use with her wireless network. She wants to use a secure protocol that does not require client devices to have a certificate, but she does want to require mutual authentication. Which EAP protocol should she use?
EAP-TLS
EAP-FAST
PEAP
EAP-TTLS
PEAP
Madhuri wants to check a PNG-formatted photo for GPS coordinates. Where can she find that information if it exists in the photo?
In the photo’s metadata
In the photo as a steganographically embedded data field
In the location.txt file appended to the PNG
On the original camera
In the photo’s metadata
Chris wants systems that connect to his network to report their boot processes to a server where they can be validated before being permitted to join the network. What technology should he use to do this on the workstations?
UEFI/Trusted boot
UEFI/Measured boot
BIOS/Measured boot
BIOS/Trusted boot
UEFI/Measured boot
Ben wants to implement a RAID array that combines both read and write performance while retaining data integrity if a drive fails. Cost is not a concern compared to speed and resilience. What RAID type should he use?
RAID 1
RAID 10
RAID 6
RAID 5
RAID 10
Gurvinder wants to select a mobile device deployment method that provides employees with devices that they can use as though they’re personally owned to maximize flexibility and ease of use. Which deployment model should he select?
COPE
BYOD
MOTD
CYOD
COPE
How does technology diversity help ensure cybersecurity resilience?
It ensures that a vulnerability in a single company’s product will not impact the entire infrastructure.
If a single vendor goes out of business, the company does not need to replace its entire infrastructure.
It means that a misconfiguration will not impact the company’s entire infrastructure.
All of the above.
All of the above.
Norm is using full-disk encryption technology to protect the contents of laptops against theft. What goal of cryptography is he attempting to achieve?
Nonrepudiation
Integrity
Confidentiality
Authentication
Confidentiality
Mark unplugs the network connection from a system that is part of an incident and places tape over its Ethernet jack with a sign that says “Do not reconnect without approval from IR team.” How is this method best described?
Segmentation
Zoning
Isolation
Containment
Isolation
Amanda wants to create a view of her buildings that shows Wi-Fi signal strength and coverage. What is this type of view called?
A heatmap
A PSK
A SSID chart
A channel overlay
A heatmap
Gabby wants to implement a mirrored drive solution. What RAID level does this describe?
RAID 5
RAID 1
RAID 6
RAID 0
RAID 1
Brenda’s company provides a managed incident response service to its customers. What term best describes this type of service offering?
MSP
SaaS
PaaS
MSSP
MSSP
Aziz is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm’s customers. He expects that a compromise of that database would result in $500,000 of fines against his firm.
Aziz is assessing the risk of a SQL injection attack against the database where the attacker would steal all of the customer personally identifiable information (PII) from the database. After consulting threat intelligence, he believes that there is a 5 percent chance of a successful attack in any given year.
What is the exposure factor (EF)?
50%
5%
100%
20%
100%
Selah infects the ads on a website that users from her target company frequently visit with malware as part of her penetration test. What technique has she used?
Whaling
Typosquatting
A watering hole attack
Vishing
A watering hole attack
Charles wants to find out about security procedures inside his target company, but he doesn’t want the people he is talking to realize that he is gathering information about the organization. He engages staff members in casual conversation to get them to talk about the security procedures without noticing that they have done so. What term describes this process in social engineering efforts?
Elicitation
Prepending
Pharming
Suggestion
Elicitation
Naomi believes that an attacker has compromised a Windows workstation using a fileless malware package. What Windows scripting tool was most likely used to download and execute the malware?
Bash
Python
PowerShell
VBScript
PowerShell
Fred receives a call to respond to a malware-infected system. When he arrives, he discovers a message on the screen that reads “Send .5 Bitcoin to the following address to recover your files.” What is the most effective way for Fred to return the system to normal operation?
Pay the Bitcoin ransom.
Restore from a backup if available.
Run antimalware software to remove malware.
Wipe the system and reinstall.
Restore from a backup if available.
Kyle is conducting a penetration test. After gaining access to an organization’s database server, he installs a backdoor on the server to grant himself access in the future. What term best describes this action?
Lateral movement
Persistence
Maneuver
Privilege escalation
Persistence
Jim configures a Windows machine with the built-in BitLocker full disk encryption tool. When is the machine least vulnerable to having data stolen from it?
When the machine is booted and logged in but is asleep
When the machine is booted and logged in but is unlocked
When the machine is booted and logged in but is locked
When the machine is off
When the machine is off
Allan is developing a document that lists the acceptable mechanisms for securely obtaining remote administrative access to servers in his organization. What type of document is Allan writing?
Standard
Guideline
Procedure
Policy
Standard
Gabby wants to capture the pagefile for a system. Where will she find the pagefile stored?
In a CPU register
In memory
On disk
In device firmware
On disk
Password complexity, password history, and password reuse are all examples of what?
Credential attributes
Account policies
Account audits
Access policies
Account policies
Brian discovers that a user suspected of stealing sensitive information is posting many image files to a message board. What technique might the individual be using to hide sensitive information in those images?
Birthday attack
Steganography
Replay attack
Homomorphic encryption
Steganography
Adam is conducting software testing by reviewing the source code of the application. What type of code testing is Adam conducting?
Mutation testing
Fuzzing
Static code analysis
Dynamic code analysis
Static code analysis
Bonita has discovered that her organization is running a service on TCP port 636. What secure protocol is most likely in use?
SRTP
LDAPS
IMAPS
SNMPv3
LDAPS
Kevin is configuring a web server to use digital certificates. What technology can he use to allow clients to quickly verify the status of that digital certificate without contacting a remote server?
Certificate pinning
Certificate stapling
OCSP
CRL
Certificate stapling
Scott wants to allow users to bring their own credentials to his website so that they can log in using a Google or Microsoft account without giving him their passwords. What protocol can he use that will allow those users to grant the website access to their information?
Kerberos
RADIUS
OAuth
OpenID
OpenID
Hitesh wants to keep a system online but limit the impact of the malware that was found on it while an investigation occurs. What method from the following list should he use?
Black holing
Isolation
Segmentation
Containment
Containment
Michelle wants to ensure that attackers who breach her network security perimeter cannot gain control of the systems that run the industrial processes her organization uses as part of their business. What type of solution is best suited to this?
A cold aisle
A screened subnet
An air gap
A Faraday cage
An air gap
During a penetration test, Patrick deploys a toolkit on a compromised system and uses it to gain access to other systems on the same network. What term best describes this activity?
OSINT
Privilege escalation
Footprinting
Lateral movement
Lateral movement
Alex discovers that the network routers his organization recently ordered are running a modified firmware version whose hash does not match the hash provided by the manufacturer. How should Alex categorize this attack?
An influence campaign
A supply chain attack
A pharming attack
A hoax
A supply chain attack
Elaine wants to implement an AAA system. Which of the following is an AAA system she could implement?
LDAP
SAML
RADIUS
OAuth
RADIUS
Rick performs a backup that captures the changes since the last full backup. What type of backup has he performed?
A new full backup
A differential backup
A snapshot
An incremental backup
A differential backup
Angela wants to limit the potential impact of malicious Bash scripts. Which of the following is the most effective technique she can use to do so without a significant usability impact for most users?
Prevent execution of Bash scripts.
Disable Bash.
Switch to another shell.
Use Bash’s restricted mode.
Use Bash’s restricted mode.
Alan’s team needs to perform computations on sensitive personal information but does not need access to the underlying data. What technology can the team use to perform these calculations without accessing the data?
Homomorphic encryption